Australian Grand Prix
Darktrace is a tool that is extremely powerful and, in a single pane of glass, is very easy for me to navigate to find and do what I need to do.
Stopping email attacks in every season
The Australian Grand Prix Corporation (AGPC) requires bespoke security to fit its highly seasonal digital landscape. For six to seven days a year, the corporation builds a massive temporary network to support its events. AGPC implemented Darktrace / EMAIL across its Microsoft cloud-based apps to protect its cyber assets during and between events.
“We see email as one of the foremost threats to our business,” said Clint Watson, the Division Manager of Technology for AGPC. “We are on the world stage. We see that we are targeted in the lead up to our events. We also have a lot of short-term employees who come into our fast-paced environment which increases the risk of clicking through links in potentially malicious emails.
“If there was someone who had gained access to the network and caused issues in some way on the vast temporary network that we built for the event to operate, it would almost bring the whole thing to a stop,” said Watson. “If the governing bodies and the teams do not have internet connectivity, there’s a significant safety issue and the race can be called off straight away.”
Darktrace’s Self-Learning AI learns the nuances of each employee’s normal behavior, so it can recognize deviations in email activity that constitute a threat. If Real-Time Detection identifies an attack, Autonomous Response makes precise micro-decisions to neutralize malicious emails, without acting on benign emails and disrupting the flow of business. This is critical for AGPC’s live events that cannot afford any delays.
Darktrace AI grows alongside the business, so it seamlessly supports the AGPC’s email system as it expands around an event.
The support I had from Darktrace, in the lead up to the event, made sure that I was comfortable with what we had. They checked if there was anything else that could be done to help protect AGPC for those few days. It was quite heartwarming because it shows Darktrace cares.
Defending against insider threats with AI
Insider threats, whether malicious or accidental, are notoriously difficult to spot since employees already have privileged access. Migration to cloud-based environments has only diminished security teams’ visibility. Traditional security methods that rely on rules and signatures cannot detect threats that come from within. Darktrace can.
Darktrace’s AI has visibility inside an organization as it learns individual behaviors and understands greater connections. It is granular enough to identify the subtle anomalies in behavior that indicate insider threats. For this reason, AGPC extended its Darktrace coverage to Microsoft 365 as well.
When AGPC gears up for an event, it hires several short-term contractors. Workers gain access to a lot of information, including the personal data of attendees, among them high-profile VIPs and royalty. That makes data loss prevention one of the top priorities.
“We soon realized the extra benefits we could get from the additional Darktrace products were greater visibility around user behaviors and the alerting of potential data loss. The instant reporting of certain DLP activities is now one of the most useful tools in AGPC’s cybersecurity toolbox,” said Watson.
In one instance, Darktrace successfully identified data exfiltration by a short-term contractor working for AGPC. It alerted the security team when the worker sent sensitive documents to a personal email address. The team spoke to the contractor and made sure the copied files were deleted.
Augmenting lean security teams
Darktrace uplifts AGPC’s small security team. The always-on AI continuously learns and scans, ready to respond if needed. The Cyber AI Analyst can investigate incidents, even if they span multiple systems, and create easy-to-understand reports. Darktrace takes over the low-level work to free up time for the IT team to prioritize other projects.
The Darktrace Mobile App ensures that security personnel have visibility, receive alerts, and can check in even when they are away from their computers.
I know Darktrace offers me a whole environment with a significant level of detection. If something goes wrong, it notifies me. In essence, it is a little bit like an employee, like someone sitting there all day, every day assessing our network and data and letting me know if something goes wrong.